CVE-2025-20435

Name of the Vulnerable Software and Affected Versions Android phones with MediaTek chips (affected versions not specified)

Description A flaw exists in MediaTek chips that could allow attackers to steal cryptocurrency. The attack requires physical access to the device and a USB cable. Attackers can extract PINs and seed phrases from popular wallets, such as Trust Wallet, Kraken Wallet, and Phantom, in under 45 seconds, without needing malware, internet access, or a password. Approximately 875 million Android devices are potentially affected. The vulnerability allows attackers to bypass the operating system's security measures and access sensitive data. The vulnerability affects the transport layer of the device.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.